European Court of Human Rights issues landmark ruling on mass surveillance

European Court of Human Rights issues landmark ruling on mass surveillance

The ICJ welcomes the ruling by the European Court of Human Rights in the case of B.B.W. and others v. the United Kingdom, setting out important guarantees against mass surveillance online.

On 25 May, the Grand Chamber of the European Court of Human Rights issued its final ruling in this case in which the ICJ intervened. The case deals with the human rights implications of the system of intelligence mass surveillance of the United Kingdom, which was unveiled by the revelations of Edward Snowden.

“The judgment sets out clear guarantees to be respected in order to carry out bulk interception of communications”, said Massimo Frigo, Senior Legal Adviser for the ICJ Europe and Central Asia Programme, “it is a first important step towards ensuring that protection of human rights is as effective online as it is offline. All Member States of the Council of Europe must now ensure that their surveillance systems respect these minimal guarantees.”

In its judgment, the Court recognised the difference between surveillance of individual communications and bulk interception of communications with the use of metadata and introduces a set of procedural guarantees to be respected at initial, intermediary and final stages of bulk data surveillance.

The Court found that these guarantees also apply when a State receives  intelligence based on bulk interception carried out by foreign States.

The judgment, however, does not fully address the implications for human rights of States’ participation in close transnational surveillance cooperation such as the system of the “Five Eyes” including the UK, USA, Canada, Australia and New Zealand.

“These transnational surveillance systems entail a higher level of responsibility by States under international human rights law in light of the high risk of bypassing national remedies”, said Massimo Frigo, “We hope the Court will be able to address these important issues in the future to strengthen the protection of human rights online in Europe.”

Contact:

Massimo Frigo, ICJ Senior Legal Adviser, t: +41797499949, e: massimo.frigo(a)icj.org

Myanmar: Scrap Cyber Security Draft Law and Restore Full Internet Connectivity

Myanmar: Scrap Cyber Security Draft Law and Restore Full Internet Connectivity

The Myanmar military should immediately abandon the draft Cyber Security Law and end Internet restrictions it has imposed since taking power in a coup on 1 February, said ARTICLE 19, Open Net Association, and the ICJ today.

“It is telling that controlling cyberspace is one of the top priorities of the Myanmar military, which seized power through an illegitimate coup d’etat only last week,” said Sam Zarifi, ICJ’s Secretary General. “The military is used to having total power in Myanmar, but this time they have to face a population that has access to information and can communicate internally and externally.”

Under international law, the rights to freedom of expression and information may only be restricted if prescribed by law, in pursuit of a legitimate aim, and necessary and proportionate to that aim. This right applies equally online. In 2018, the UN Human Rights Council condemned ‘all undue restrictions on freedom of opinion and expression online that violate international law’.

“Having illegally seized control of government, the military is trying to ram through a hugely problematic law that would imperil the Myanmar public’s ability to share and access information online,” said Matthew Bugher, ARTICLE 19’s Head of Asia Programme. “The draft law is further evidence of the military’s intent to control online discourse and permanently undermine Internet freedom in the country.”

Human rights bodies and experts have repeatedly condemned Internet shutdowns, which are inherently unnecessary and disproportionate irrespective of their purported objectives. Four UN special procedures with mandates from the Human Rights Council stated in their 2011 Joint Declaration on Freedom of Expression and the Internet that, ‘Cutting off access to the Internet, or parts of the Internet, for whole populations or segments of the public (shutting down the Internet) can never be justified, including on public order or national security grounds’. The UN Human Rights Council has repeatedly called on Myanmar to lift Internet restrictions in the country.

Anonymity is furthermore crucial to protecting the right to freedom of expression and other human rights, including the right to privacy. UN Human Rights Council Resolution 38/7 recognizes that ‘privacy online is important for the realization of the right to freedom of expression and to hold opinions without interference, and the right to freedom of peaceful assembly and association’. The UN Special Rapporteur on freedom of expression in a 2015 report stated that restrictions on encryption must confirm to the three-part test on restrictions to the freedom of expression noted above.

“The ban on online anonymity in the cybersecurity law is not just bad for Myanmar but sets a dangerous precedent for the whole of Asia”, said Kyung Sin Park, Executive Director of Open Net Association, whose founders spearheaded a successful constitutional challenge against a similar law in South Korea in 2012. “The content takedown provisions and criminalization of online speech in the draft law are extremely broad and utterly lacking due process even in comparison to other Asian countries. The proposal smacks of a legislative attempt to extend the powers the military had taken in an unlawful, anti-democratic coup.”

ISPs, online service providers (as defined by the draft law to mean content providers) and other stakeholders have only been given until 15 February for input. This is a clear indication that the military has no intention of engaging in meaningful consultation.

On 10 February, a group of 158 Myanmar civil society organizations released a statement rejecting the draft Cyber Security Law, while reiterating their view that the Myanmar military could not legitimately exercise legislative authority.

“All online service providers inside and outside the country should be alarmed at this intrusion of military authority into cyberspace and refuse to implement these hugely problematic restrictions,” said ICJ’s Sam Zarifi.

SPECIFIC PROBLEMATIC PROVISIONS OF THE DRAFT CYBERSECURITY LAW (based on an unofficial translation of the draft law):

Many provisions in the draft law are vague and overbroad, in contravention of the principle of legality. If enacted, the draft law would greatly extend the powers of military authorities to restrict and punish online expression.

The law provides overarching control to the military’s ‘State Administration Council’, a newly-formed body appointed by the Commander-in-Chief. The direct military control of Internet service provision and its role in the policing of content online is in and of itself cause for alarm. Further, the military should in no circumstances be charged with protecting personal data.

Section 29 of the draft law is overly broad as it demands the prevention, removal, destruction and cessation of a broad and vaguely defined range of expression, including online comments deemed ‘misinformation’ or ‘disinformation’, any expression that causes hate and risks disrupting unity, stability, and peace, and ‘written and verbal statements against any existing law’.

Under section 64, any person convicted of creating ‘misinformation’ and ‘disinformation’ with the intent of causing public panic, loss of trust or social division in cyberspace is punishable by three years’ imprisonment, a fine, or both.

International human rights bodies have repeatedly urged governments against laws that create ‘false news’ offences, warning about their potential abuse by governments to suppress criticism and other forms of speech protected by international human rights law.

Section 30 threatens the right to online anonymity by requiring online service providers to retain usernames, IP addresses, national IDs, and other personal data for up to three years, and to provide this information to authorities upon request. For this purpose, Section 28 requires an online service provider to ensure that any device that stores the user’s information must be kept in a place designated by the relevant Ministry.

The draft law also has overly broad catch-all provisions in Sections 61 and 73 respectively whereby online service providers that fail to comply with any provisions of the draft law face a maximum penalty of three years’ imprisonment and a fine and individuals failing to comply with any rules, regulations, notifications, orders, directives, and procedures issued under the draft law are subject to one year’s imprisonment and a fine. These sanctions which are punitive in purpose and effective are non-compliant with the requirement of proportionality under international human rights law and standards on freedom of expression.

The draft law also provides for enhanced power to control the Internet without the benefit of judicial review by independent civilian courts. In the ‘public interest’, a ministry approved by the State Administration Council may temporarily prohibit any online service or take control of devices related to online service provision, as well as permanently ban any online service provider. This is a less stringent standard than that provided under the problematic and much-criticized section 77 of the Telecommunications Act, which allows for shut downs or control of telecommunications in an ‘emergency situation’.

Download

Statement in Burmese.

Contact

Osama Motiwala, ICJ Asia-Pacific Communications Officer, e: osama.motiwala(a)icj.org

Translate »